Newsletter Archives
-
US CERT and KB 2963983: Don’t use drive-by-enabled Internet Explorer
There’s another 0day on the loose. But you use Chrome or Firefox anyway, right? Right?
InfoWorld Tech Watch.
-
New IE patch MS12-063
There’s an(other) emergency out-of-band patch for Internet Explorer. Gregg Keizer has a full write-up on Computerworld.
“Because IE10 was not affected by the recent zero-day vulnerability, Storms suspected that Microsoft may have known of the flaw before it publicly surfaced. That would go a long ways in explaining the speed with which it fixed the bug.”
Indeed.
I’m going to install the new patch on my machines, and recommend that you do the same – but I’m not in a big hurry about it. Why? Because I use Firefox as my main browser, haul out Chrome when I need to look at a site with Flash, and save Internet Explorer for the rare occasions when I need the compatibility.
-
Internet Explorer 0day
Microsoft has warned about a newly discovered, not-yet-fixed hole in Internet Explorer, all versions (except IE 10).
There’s a thorough discussion on Brian Krebs’s site.
Smartest approach? Don’t use IE. Switch to Firefox or Chrome. Nod if you’ve heard that one before.
-
What Microsoft didn’t say about the new 0day Windows flaw
Casting blame on Windows, when Internet Explorer is at fault.
See my latest InfoWorld Tech Watch blog.
-
Yet another Internet Explorer 0day
Microsoft has released Security Advisory 2501696, describing yet another 0day flaw in Internet Explorer.
This time the problem lies in the way IE handles MHTML code. Apparently there’s a way for a sufficiently ornery Web page to run amok on your PC, if you’re browsing with Internet Explorer. No action on your part necessary; it’s a drive-by security hole.
You have two choices.
You can either run Microsoft’s Fixit, which sits in Knowledge Base article 2510696.
Or you can do what I’ve been begging you to do for almost a decade now. Use Firefox. Or Chrome. Or Safari. Or anything except Internet Explorer.
-
Chinese activist attacks based on Internet Explorer 0day?
Brian Krebs reports that the attacks on Chinese human rights activists that I talked about a couple of days ago – the attacks that led Google to finally take a stand in support of basic human dignity over corporate profits – were made possible by my favorite security whipping boy, Internet Explorer.
Microsoft has confirmed the 0day hole in Security Advisory 979352.
It looks like the IE 0day is only part of the story, though. The attacks were made possible by a smorgasbord of 0day holes. Researchers are still looking at all of the problems.
The Washington Post (now without Krebs) says that the Google attack is much larger than originally thought:
“Computer attacks on Google that the search giant said originated in China were part of a concerted political and corporate espionage effort that exploited security flaws in e-mail attachments to sneak into the networks of major financial, defense and technology companies and research institutions in the United States… At least 34 companies — including Yahoo, Symantec, Adobe, Northrop Grumman and Dow Chemical — were attacked, according to congressional and industry sources.”
The bottom line for home users is pretty simple: the bad guys aren’t out to get you, and at the moment you don’t have anything to worry about. These are sophisticated, targeted attacks that haven’t yet made it out into the general population.
But remember who’s behind it, and why, OK?